Overview

overview

10

Static

static

10

b2fb8c2cba...3b.exe

windows7-x64

10

b2fb8c2cba...3b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b2fb8c2cba891eb0a56e5fdacf61b25c3f96885de5a65392f26041a68b2aad3b.zip

  • Size

    51KB

  • Sample

    230329-nb4geaga65

  • MD5

    095629f20794d15b501705b6c305f0d5

  • SHA1

    ccfbfa447112509fbcdef3a4eb3e4ff6d8077dcc

  • SHA256

    a3aaffa49f6ca8c4baff028eaa44168e2762cf69904f6c94370a06106d72c47b

  • SHA512

    a6e0753ca9b020b04fa76ff3c57a637da7c52c610f3800be11db7955d18b8df5ae2bd9971698b6b8dd8d97e56162c3a0c7d2d2df37c61da9443ef546bf2a0f12

  • SSDEEP

    1536:CfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBO:2+MHQFHvtKLvhuBO

Score
10/10
redlinefromdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      b2fb8c2cba891eb0a56e5fdacf61b25c3f96885de5a65392f26041a68b2aad3b

    • Size

      175KB

    • MD5

      a5c90ba8bb641ad252a59c4c75c4c2ad

    • SHA1

      941e7b7561dc28d52c72036069b87949934f6e90

    • SHA256

      b2fb8c2cba891eb0a56e5fdacf61b25c3f96885de5a65392f26041a68b2aad3b

    • SHA512

      3255fff24746109341d3d7c7953ae78cc99cf8dfff5583980c6cbebc291f6fa760fcbbb8c6486c569a9ac72b2922f1357af538aa5bb8f147471770b021eb07f5

    • SSDEEP

      3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

    Score
    10/10
    redlinefromdiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks